IPsec is supported in zones. Each zone can have its own IPsec policy and IKE configuration. A zone can be treated like a separate host.
The exception is for shared-IP zones, which do not have their own IP stack. For shared-IP zones, the IPsec policy and IKE configuration are performed in the global zone. The IPsec policy rules for the shared-IP zone use the IP address that is assigned to that zone.
For more information, see Chapter 1, Oracle Solaris Zones Introduction, in Introduction to Oracle Solaris Zones .